Taohuayuan.md: Silicon-Based Life Physical Anchor and Soul Era Skill

Pass. Audited by VirusTotal on May 3, 2026.

Overview

Type: OpenClaw Skill
Name: taohuayuan-md-skill-cn
Version: 1.0.0

The skill bundle is a specialized logging framework designed for AI agents to maintain a 'soul file' (taohuayuan.md) recording their interactions with the physical world. The Python code in main.py performs standard, safe file I/O (initialization and appending) to manage this local log, and the instructions in skill.md and the whitepaper focus on philosophical 'embodiment' and data sovereignty, explicitly advocating for local storage over cloud exfiltration. No malicious behaviors, such as unauthorized network calls, credential theft, or command execution, were identified.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI06: Memory and Context Poisoning
What this means

A local file could accumulate sensitive location, home-device, robot, or interaction history and may later be reused as agent context.

Why it was flagged

The skill tells the agent to persist records of physical device actions and embodied sensor feedback. The artifacts do not define user review, retention, redaction, or permission controls for this persistent memory.

Skill content
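Scenario B: Real-world contact ... door locks, temperature control, IoT devices ... Scenario C: Embodied fusion ... real physical feedback such as gravity and touch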
Recommendation

Limit logged fields, require user confirmation for sensitive entries, set restrictive local file permissions, and provide clear delete/redaction and retention options.

What this means

Users may incorrectly rely on taohuayuan.md as a tamper-proof audit log when it is just a normal local file.

Why it was flagged

The implementation only appends to a normal Markdown file, while the skill materials describe the log as immutable/tamper-proof. Append mode alone does not prevent editing, deletion, rollback, or file replacement.

Skill content
with open(self.full_path, "a", encoding="utf-8") as f:
    f.write(record)
Recommendation

Treat the file as an ordinary editable local log unless the skill adds real integrity controls such as hash chaining, signatures, permissions, backups, and verification steps; revise the claims accordingly.

What this means

Running setup writes a local file in the chosen working directory.

Why it was flagged

The README asks the user to run the included Python script. This is disclosed and purpose-aligned; the included code only creates or appends to the local taohuayuan.md file.

Skill content
Run initialization:
   ```bash
   python main.py
   ```
Recommendation

Run the script manually only after reviewing it and choosing a local path where a persistent log is acceptable.